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Abstract. Linear temporal logic was introduced in order to reason about reactive systems. It is 
often considered with respect to infinite words, to specify the behaviour of long-running systems. 
One can consider more general models for linear time, using words indexed by arbitrary linear 
^-H , orderings. We investigate the connections between temporal logic and automata on linear orderings, 
as introduced by Bruyere and Carton. We provide a doubly exponential procedure to compute from 
any LTL formula with Until, Since, and the Stavi connectives an automaton that decides whether 
P5 ' that formula holds on the input word. In particular, since the emptiness problem for these automata 
, is decidable, this transformation gives a decision procedure for the satisfiability of the logic. 
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1 Introduction 

Temporal logic, in particular LTL, was proposed by Pnueli to specify the behaviour of re- 
active systems 11211 . The model of time usually considered is the ordered set of natural 
numbers, and executions of the system are seen as infinite words on some set of atomic 
Q [ propositions. This logic was shown to have the same expressive power as the first order 

■ logic of order UTTl , but it provides a more convenient formalism to express verification prop- 
I ■ erties. It is also more tractable: while the satisfiability problem of FO is non-elementary fT8|, 

^ ', it was shown in IITTII that the decision problem of LTL with Until and Since on a;-words is 
^T) ] PSPACE-complete. This logic has also strong ties with automata, with important work to 
' provide efficient translations to Biichi automata, e.g. IITOl . 

■ Within this time model, a number of extensions of the logic and the automata model 
^ '. have been studied. But one can also consider more general models of time: general linear 
y—{ \ time could be useful in different settings, including concurrency, asynchronous communi- 
^ ' cation, and others, where using the set of integers can be too simplistic. Possible choices 

I> . include ordinals, the reals, or even arbitrary linear orderings. In terms of expressivity, while 
^ LTL with Until and Since is expressively complete {i.e. equivalent to FO) on Dedekind- 
?H I complete orderings (which includes the ordering of the reals as well as all ordinals), this 
- - does not hold in the general case. Two more connectives, the future and past Stavi opera- 
tors, are necessary to handle gaps H when considering arbitrary linear orderings. 

Over ordinals, LTL with Until and Since has been shown to have a PSPACE-complete 
satisfiability problem 0. Over the ordering of the real numbers, satisfiability of LTL with 
until and since is PSPACE-complete, but satisfiability of MSO is undecidable. Over general 
linear time, first order logic has been shown to be decidable, as well as universal monadic 
second order logic. Reynolds shows in [1311 that the satisfiability problem of temporal logic 
with only the Until connective is also PSPACE-complete, and conjectures that this might stay 
true when adding the Since connective. The upper bound in [7J is obtained by reducing the 
satisfiability of LTL formulae to the accessibility problem in an appropriate automata model, 
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accepting words indexed by ordinals. In this paper, we focus on the general case of arbitrary 
linear orderings, using the full logic with Until, Since and both Stavi connectives. Our aim 
is to investigate the connections between LTL and automata in this setting. 

Automata on linear orderings were introduced by Bruyere and Carton ||3l. This model 
extends traditional finite automata using "limit" transitions to handle positions with no suc- 
cessor or predecessor, furthering Biichi's model of automata on words of ordinal length ||4|. 
Carton showed in ||5J that accessibility over scattered ordering is decidable in polynomial 
time, and in IIT4l it was shown that these automata can be complemented over countable 
scattered linear orderings. The accessibility result can be extended to arbitrary orderings [61. 

From any formula in this logic, we define an automaton which determines whether the 
formula holds on its input word. Satisfiability of the formula is reduced to accessibility in 
this automaton, and that way we get decidability of the satisfiability problem of LTL with 
Until, Since and the Stavi operators for any rational subclass. 

Section |2] presents some definitions about linear orderings, linear temporal logic, and 
the model of automata used. Section |3] introduces our main result, an algorithm to translate 
any LTL formula into a corresponding automaton. Section |4] discusses the expressivity of 
the logic and automata considered, and looks at some natural fragments. 

2 Definitions 

2.1 Linear orderings 

We first recall some basic definitions about orderings, and introduce some notations. For a 
complete introduction to linear orderings, the reader is referred to [TSll . A linear ordering } 
is a totally ordered set (/, <) (considered modulo isomorphism). The sets of integers (a;), of 
rational numbers (//), and of real numbers with the usual orderings are all linear orderings. 

Let / and K be two linear orderings. One defines the reversed ordering —/as the order- 
ing obtained by reversing the relation < in /, and the ordering } + K as the disjoint union 
} U K extended with j < k for any j ^ J and k ^ K. For example, —a; is the ordering of 
negative integers, -co + co is the usual ordering of Z, also denoted by ^. 

A non-empty subset K of an ordering / is an interval if for any i < j < kin f, Hi ^ K and 
k a K then; G K. In order to define the runs of an automaton, we use the notion of cut. A cut 
of an ordering / is a partition (X, L) of / such that for any k E K and I E L, k < I. We denote 
by / the set of cuts of /. This set is equipped with the order defined by (Xi, Li) < (X2, L2) 
if Ki C K2. This ordering can be extended to / U / in a natural way ((X, L) < / iff j G L). 
Notice that / always has a smallest and a biggest element, respectively Cmin = (0/ /) and 
Cmax = For example, the set of cuts of the finite ordering {0, 1, . . . ,n — 1} is the 

ordering {0, 1, ... , n}, and the set of cuts of a; is a; + 1. 

For any element / of /, there are two successive cuts cj' and c^, respectively ({/ G / | 
' < /}' / I 7 — 0) ^'^d ({/ G / I 2 < ;}, {i E J \ i < /}). A gap in an ordering / is a cut c 
which is not an extremity (Cmax or Cmin), and has neither a successor nor a predecessor. 

Given an alphabet S, a word of length / is a sequence {aj)ji=j of elements of S indexed 
by /. For example, {ab)'^ is a word of length co; the sequence ab^ab^a is a word of length 
CO + CO + 1, and {ab^)^' is a word of length co^. 
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2.2 Temporal logic 

We use words over linear orderings to model the behaviour of systems over linear time. 
To express properties of these systems, we consider linear temporal logic. The set of LTL 
formulae is defined by the following grammar, where p ranges over a set AP of atomic 
propositions: cp ::= p | -^(p \ q>y cp\ cpUcp \ cpSq> \ fU'cp \ fS'cp 

Besides the usual boolean operators, we have four temporal connectives. The U connec- 
tive is called "Until", and S is called "Since". U' and S' are respectively the future and past 
Stavi connectives. Other usual connectives such as "Next" (A"), "Eventually" (J^), "Always" 
(Q) can be defined using these, as we see below. 

These formulae are interpreted on words over the alphabet 2^^. A letter in those words 
is the set of atomic propositions that hold at the corresponding position. Let x = {xj)j(=j a 
word of length /. A formula cp is evaluated at a particular position / in x; we say that (p holds 
at position i in x, and we write x, i |= cp, using the following semantics: 

x,i \= p if p G Xi 
X, i \= if x,i ^ tp 
X, i 1= V if ^/ i 1= ^1 or x, i |= ^p2 
X, i 1= xpiU\p2 if there exists ; > i such that x,j \= ip2, 

and for any k such that i < k < j, we have x, k |= xpi 
X, i 1= xpiStp2 if —X, i 1= xpil/(xp2 where —x is the reversed word {aj)j^_j 
X, i \= tpiU'tp2 if there exists a gap c G / verifying three properties: 

(1) x,i \= tpi for any position / such that i < j < c 

(2) there is no interval starting at c where xpi is always true 
{i.e. \/c<k3c<j<kx,j\= -^ipi), and 

(3) 1/^2 is always true in some interval starting at c 

X, i \= ipiS'ip2 if —X, i 1= ipiU'rp2 (it is the corresponding past connective) 

Note that we use a "strict" semantic for the Until operator, contrary to a common defi- 
nition, which would be: 

X, i \= xpiV("^xp2 if there exists ; > / such that x,j |= ip2 and x,k \= xpi for any i < k < j. 

In the strict version, the current position i is not considered for either the xpi or the xp2 part of 
the definition. Using the strict or non-strict version makes no difference when considering 
a;-words, but in the case of arbitrary orderings, the strict Until is more powerful, as noted 
by Reynolds in |[T3ll . 

The formula "Next cp", or ^ cp, is equivalent to -LUcp. "Eventually cp", noted f, is 
cp V {TUcp), and "always cp" , noted Q cp, can be expressed as 

Given a word x of length /, the truth word of ^ on x is the word V(p[x) of length / over 
the alphabet {0, 1} where the position j is labelled by 1 iff x,/ \= cp. A formula is valid if its 
truth word on any input only has ones. A formula is satisfiable if there exists an input word 
such that the truth word contains a one. 
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Consider the formula q) = /\{Q ^ X a), with AP = {a}. If x = [a®)^' (where a stands 
for {a}), then v^{x) = 0^ (at every position, either a is true or a is true in the successor). On 
the other hand, if x = aOf^aOf'a, then !7^(x) = Ol'^Ol'^O: at positions 0, oo and at the last 
position, a is true so the formula doesn't hold; at all other positions, a is false, and there is 
no position in the input word where X a holds. 

The satisfiability problem for a formula cp consists in deciding whether there exists a word 
zv and a position i in w such that w, i \= cp. As FO is decidable, and every LTL formula can 
be expressed using first order, satisfiability of LTL is decidable. Note however that in terms 
of complexity FO is already non-elementary on finite words HTSl , which is not true of LTL. 

2.3 Automata 

On infinite words, Biichi automata can be used to decide satisfiability of LTL formulae. In 
the case of words over linear orderings, a model of automata has been introduced in ||3l. 
Instead of accepting or rejecting each input word, as in the case of a;-words, we use these 
automata to compute the truth words corresponding to an LTL formula. Our model of 
automata thus has an output letter on each transition, so they are actually letter-to-letter 
transducers, which make composition easier (see Section ISH) . 

An automaton is a tuple A = {Q,'E,,Y,S, I,F) where Q is a finite set of states, Z is a 
finite input alphabet, T is a finite output alphabet, I and F are subsets of Q, respectively the 
set of initial and final states, and (5 C (Q x E x T x Q) U (2^ x Q) U (Q x 26) is the set of 
transitions. We note: 

• p ^ q if {p,a,b,q) & 3 (successor transition) 

• P ^ qii {P,q) E S (left limit transition) 

• q ^ P if {q,P) G ^ (right limit transition). 

Consider a word x = (qj)j(^] over Q. We define the left and right limit sets of x at 
position / G / as the sets of labels that appear arbitrarily close to j (respectively to its left and 
to its right). Formally: 

limy- X = {q e Q \ yk < i 3i k < i < i ^ qi = q] 
limy+ X = {q E Q \ yk > i 3i i < i < k f\ qi = q} 
Note that limy- x is non-empty if and only if the transition to / is a left limit, and similarly 
for limj+ X if the transition from / is a right limit. These sets help define the possible limit 
transitions in a run. 

Given an automaton A, an accepting run of ^ on a word x = {xj)j(^j is a word p of 
length / over Q such that: 

• Pcmn. e I and pc^,, G F; 

• for each i G /, there exists y, G T such that p^- p^+ ; 

• if c G / has no predecessor, lim^- p pc, and if c G / has no successor, pc — ?• limc+ p. 

Example 1. The first automaton in Figure\^ outputs 1 at each position immediately fol- 
lowed by al in the input word, and at other positions. 

The second automaton accepts input words whose length is a linear ordering without 
first or last element, and without two consecutive elements (i.e. dense orderings). The 
notation P — )> qo, qi means that there is a transition P ^ qo and a transition P ^ qi. 
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Limits: P ^ qo qo ^ P qi ^ P Limits: {qi, qi}, {^0,^1,^2} ^ qo,qi 

for any P C {qo, q^, 4^2} t?i, q2 {qi, qi}, {qo, qi, qi} 

Figure 1: Example automata 

In [51, Carton proves that the accessibility problem on these automata can be solved in 
polynomial time, when only considering scattered orderings. This result can be extended 
to arbitrary orderings |6l as it is done for rational expressions in [2|. The idea is to build 
an automaton over finite words which simulates the paths in the initial automaton and re- 
members their contents. In order to handle the general case (as opposed to only scattered 
orderings), the added operation is called "shuffle": sh{w-[,. . .,w„) = Hy^jXy where / is a 
dense and complete ordering without a first or last element, partitioned in dense subor- 
derings Ji . . . /„, such that Xj = Wj if / G . Looking at automata, this means that if there 
are paths from pi to qi with content Pi, . . . , from p„ to q„ with content P,„ and transitions 
from Pi U ■ • ■ U P„ to each p,, transitions from each to Pi U ■ • ■ U P„, a transition from p to 
Pi U ■ • ■ U P„ and a transition from Pi U • ■ • U P„ to q, then there is a path from p to q. 

3 Translation between formulae and automata 

Over a;-words, problems on temporal logics are commonly solved using tableau meth- 
ods II20II , or automata-based techniques IIT9H . In this work we extend the correspondence 
between LTL and automata to words over linear orderings. Our main result is Theorem |2l 

Theorem 2. For every LTL formula (p, there is an automaton Aq, which given any input 
word X outputs the truth word Vq{x). 

Moreover, this automaton Aip can be effectively computed, and has a number of states 
exponential in the size of cp. Because we can compute the product of Aip with any given au- 
tomaton and check for its emptiness, we get Corollary |3l which states that given a temporal 
formula and a rational property {i.e. an automaton on words over linear orderings), we can 
check whether there exists a model of the formula which is accepted by the automaton. 

Corollary 3. The satisfiability problem for any rational subclass is decidable. 

The idea is to build A(p by induction on the formula. We construct an elementary au- 
tomaton for each logical connective. We use composition and product operations to build 
inductively the automaton of any LTL formula from elementary automata. All automata 
used in this proof have the particular property that there exists exactly one accepting run 
for each possible input word, i.e. they are non-deterministic, but also non-ambiguous. This 
property is preserved by composition and product. 

The structure of the proof is the following: we define the composition and product op- 
erators on automata, then we present the elementary automata that are needed to encode 
logical connectives. Finally, we give the inductive method to build the automaton corre- 
sponding to a formula from elementary ones. 
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3.1 Product, composition and elementary automata 

Let ^1 = (Qi,Z,, r, ^1, 7i,fi) and ^2 = (Q2, S'/ A, ^^2/ ^2/ fiz) be two automata. The prod- 
uct consists in running both automata with the same input alphabet in parallel, and out- 
putting the combination of their outputs. If ^I's output alphabet and ^2's input alphabet 
are the same, the composition consists in running A2 over ^I's output. We use the notation 
TTi (fl, b) = a and 712(0, b) = b for the first and second projections. 

Definition 4. Suppose that A\ and A2 have the same input alphabet, i.e. E = Z'. The 
product of Ai and A2 is the automaton A^ x A2 = (Qi x Q2,Z,r x A,S,Ii x J2/fi x F2), 
where 3 contains the following transitions: 

• {({x.^i) > \^v^2) H\ and(]2 — ^ (?2' 

• P ifqi 7ri(P) and q2 ^ ^2{P), 

• P ^ iqi,q2) if7Ti{P) qi and tz2{P) q2- 



Definition 5. Suppose now that the output alphabet of A\ is the input alphabet of A2, i.e. 
r = S'. The composition of Ai and A2 is the automaton ^2 o -^i = (Qi x Q2, S, A, (5, li x 
I2, Fi X F2). The transitions in 5 are: 

• ys\\,(\'i) Wv'12) ^f<^i Hi andq2 (?2/ 

• [qi.qi) Pifqi ^i{P) andq2 ^2{P), 

• P ^ iqi,q2) if7Ti{P) qi and TZ2{P) q2- 

Recall that LTL formulae are given by cp := p \ ^cp \ (p y cp \ cpUcp \ cpU' cp \ cpScp \ cpS' (p. 
For each atomic proposition p we construct an automaton Ap which, given a word x, out- 
puts Vp{x). For each logical connective of arity n, we construct an automaton with input 
alphabet {0, 1}", and output alphabet {0, 1}. The input word is the tuple of truth words of 
the connective's variables, the output is the truth word of the complete formula. For tempo- 
ral connectives, we only describe the automata corresponding to U and U' . For the "past" 
connectives, the automata are the same with all transitions (successor and limits) reversed, 
and initial and final states swapped. 

For any p G AP, the automaton Ap is {{q},2^^ ,{Q,l},5,{q},{q}) where 5 = {{q 

q \ p ^ a}\J [q q \ p ^ a} \J {q ^ {q}, {q} — > q}. This automaton simply outputs 1 at 
positions where p is true, and everywhere else. Note that the run is uniquely determined 
by the input word; such a transducer is called non-ambiguous. 

Figures 2(a) and |2(b)| show the automata corresponding to the negation (-1) and dis- 



junction (V) connectives. Their limit transitions are {q} q and q {q}. Again, these 
automata admit exactly one run for each input word. 




0,0|0(^^^J^^?^^^0,1|1 1,0|1 
(a) Automaton for negation (b) Automaton for disjunction 
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3.2 Automaton for U 

The difficulty starts with the "Until" connective (U). We recall that cpUxp holds at position / 
in a word lo if there exists / > i such that holds at /, and such that cp holds at every position 
k such that i < k < j. 

We build an automaton Au with input alphabet {0,1}^ (corresponding to the truth 
value of cp and tp at each position), and output alphabet {0, 1}. On an input word of the 
form {vcp{iv), Vjp{w)) for some word w, we want the output to be v^y^{w). Let / = \w\, and 
c ^ J. We have five different situations. For each of these cases the figure shows an example, 
with "I" representing the cut c, and each • representing a position in the input word. 

0. c is followed by a position where cp and xp are true. 

1. c = c~, and / is such that cp is false and xp is true. 

2. other cases where cpUxp is true at c. ™P"* 

^ ' outpui 

3. c is followed by a position where both cp and xp are false. 

4. other cases where cpUxp is false at c. If c = cj' then the input at position / is (1, 0). 

1,0 1,0 {(1,-),(0,1)} 

input .... I--:^ . . . .... I--^ 'T'^^ . . . 

output 

The structure of the automaton Au and the limit transitions are given by Figure |2l This 
automaton has five states qo fo corresponding to the situations described above. Given 
any two states q and q' there exists a transition q ^ q' except from q2 to or q^ and from 
qi to qo, qi or q2. The input label of successor transitions is determined by the origin node: 
(1,1) for qQ, (0,1) for qi, (0,0) for q^, and (1,0) for q2 and q/^. The output label is 1 on 
transitions leading to qo, q\ or q2, and on transitions leading to q^ or q^. All states are 
initial, while q^ is the only final state. 

Lemma 6. Let cp and xp two formulae. Let x and y be the truth words of cp and xp on a word 
w of length J. The output of Au on {x,y) is the truth word ofcpUxp on w. 

Proof. Let p be the word of length / on Q defined by 

• if Xj = yj = 1, then p(cr) = qo; 

• if Xj = and yj = 1 then p(cr) = q^; 

• if Xj = yj = then p{cr) = q^; 

• otherwise, if there exists j > c such that yj = 1 and for all / such that c < i < j, x, = 1, 
thenp(c) = q2; 

• otherwise, p(c) = q^. 

We show that p is a run of Au, that it is unique, and that its output is indeed the truth word 
of cpUxp on w. 

By definition, p ends in q^, which is the final state of Au- Let c G /. If p{c) is qo, qi or 
qs, then c = cJ for some / and the successor transition from c to the next cut is allowed by 
the automaton. If p{c) = q2, and c = cJ for some /, then Xj = 1 and yy = 0, and p{c^) is qo, 
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1,1/1 0,1/1 




0,0/0 

Figure 2: Automaton for U 



qi or q2. If p(Cy ) = q^, then similarly Xj = 1 and yj = 0, and p{c^) can be q^ or q^. Every 
successor transition in p is thus allowed by Au- 

We now need to show the same for limit transitions. If a left limit transition leads to a 
cut c, then either tp is true arbitrarily close to the left of c (in which case the corresponding 
limit set contains qo or q-^), or it is always false (and the limit set is {(^2} or a subset of 
{^3, <^a})- If the limit set contains qo, q\ or q^, any state for c is allowed. If it is {qi}, the cut c 
can't be labelled by qj, or qj^ without violating the definition of p. Conversely, if the limit set 
is {qi} , p{c) is necessarily q^, or (^4. 

Let's now consider a right limit transition starting at a cut c. The label of this cut can 
only be q^ or q^^. In the first case, <p must be true everywhere in the limit set, which is thus 
a subset oi {qQ,q2}- In the second case, either (p is false infinitely often in the limit, or \p is 
always false. This means that the limit set contains q\ or q^, or is restricted to {(^4}. 

We now show that a run on Au is uniquely determined by the input word. Let 7 a run 
of Au on X, y. Because of the constraints on the successor transitions, a cut c is labelled by 
qo, qi or (^3 in 7 if and only if it is labelled by the same state in p. 

Let's suppose that a cut c is labelled by q2 in 7. Since q2 is not final, there exists d > c 
labelled by some other state. If there is a first such cut, its label is necessarily qQ or qi (by a 
successor transition from q^ or a limit transition from {qi})- Otherwise, there is a transition 
of the form q2 — > {qo) or q2 {qQ\,qi}- In both cases, c satisfies the condition for cuts 
labelled by q2 in the definition of p. A similar argument shows that a cut labelled by q^ in 7 
has the same label in p. The run of Au on a given input word is thus unique. 

The last step is to show that the output word is really the truth word of (plA-ip. Let j an 
element of /. First, suppose that w,] |= q)Uip. If j has a successor k, and t/? is true at k, then 
y)t = 1, and Au outputs 1 at position Otherwise, there exists k > j such that w,k\= \p (i.e. 
yjc = 1), and X( = 1 whenever j < £ < k. Thus, is labelled with q2, and Au once again 
outputs 1 at position 

Similarly, if 10, j ^ cpUtp, there are two cases. In the first case, / has a successor k, and 
= yk = 0- This means that is labelled by q^, so the output at position / is 0. In the last 



JULIEN CRISTAU 



FSTTCS 2009 9 



U/1 



0,1/0 



U/0 



'?2 



^5 



'?7 



1,0/1 '?3 



(Jo 



, 0,0/0 



'?8 



1,0/0 



Figure 3: Automaton for the future Stavi operator 



P qo, <?!/ qiifPri {qi, qs} 

0or P C {qQ,qi,q2} 

P ^ qsiiP Q {qo,qi,q2} 

P qi,q5,q6,q7 if p ^ 
{qo,qi,q2} 

P^qs if Pn{(?4,^5} 7^0 
P ^ tj9 if Pr\{q4,q5} = 
andP g {qo,qi,q2} 
qo^ PUP Q {qo,qi,q2} 
q3 ^ PiiPn {qi, q^, qe} = ® 
and qs E P 

qs^ PiiPn {qi, qs, qe, q?) ^ 



(j9 P if P n {qi, qs, qe, q?} 7^ 
and either P n {(?4, (?5} = 
or P intersects {^ji, (j4, ^je} 



case, is labelled by q^, and once again outputs 0. 



3.3 Automaton for the future Stavi connective iU') 

Let's recall that cpU'tp holds at position / if there exists a gap c > i such that q) holds at every 
position i < i < c, the property ip holds at every position in some interval starting at x, and 
-icp holds at positions arbitrarily close to c to the right. 

The central point in this definition is the gap c, which corresponds to state qj, in the 
automaton. States qo, qi and q2 follow the positions, before q^, where the formula holds. 
States qi, qs, qe, q?, qs follow the positions where the formula doesn't hold. If a run reaches 
qo, q\ or q2, it has to leave this region through q-^,, and all successor transitions until then 
have input label (1,0) or (1, 1). The structure of this automaton is depicted in Figure |3l All 
states except q^ and q<) are initial; q^ and q<) are final. Transitions from q\ and qj have input 
label (1, 1), transitions from q2 and t^e have input label (1, 0), transitions from q^ have input 
label (0, 0), and transitions from q^ have input label (0, 1). The output is 1 for transitions to 
qo, qi and q2, and for transitions to q^, q^, qs, qv and qs- 

We define a labelling p of the cuts of a word m; on {0, 1}^ using the states of the automa- 
ton in the following way: 

• qo has no successor, (pU'tp is true 

• iji has an outgoing transition labelled (1, 0), cpU'xp is true 

• q2 has an outgoing transition labelled (1, 1), fU'xp is true 

• is a gap, fU'tp is true before it and false afterwards 

• qi has an outgoing transition labelled (0, 0), cpU'xp is false 

• q^ has an outgoing transition labelled (0, 1), cpU'xp is false 

• qs has an outgoing transition labelled (1, 0), cpU'ip is false 

• qy has an outgoing transition labelled (1, 1), fU'ip is false 
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• qs has no successor, cp doesn't hold in the left limit if it has no predecessor, and cpU'xp 
is false 

• is a gap or is the last cut, cpU'xp is false, and f is true in some interval to the left 

Lemma 7. p defines the unique run of the automaton on its input word. If the input is 

{Vcp{w),v^,{w)) for some word w, then the output of this run is v^pU'ipi'^)- 

Proof. We first show that p is a run. Successor transitions correspond almost directly to 
the definitions of the labelling p, so let's look at limit transitions. For left limits, the following 
cases need to be considered: 

• if a transition P — > (^o is taken at a cut c, then either cp is true in the limit, and so cpU'xp 
is too, and P C {q^, q^, q2}, or it's not, and either q^ or q^ appear in the limit 

• the same reasoning applies for qi and 

• if c is labelled q^ then the incoming transition has to come from a subset oi {qQ,q\,q2} 
since q>lA'xp is true in the limit. 

• if a transition P — > is used, then q)U'ip is not true in the limit (otherwise it would 
still be true), and so P ^ {qo, q\, q2}} the same applies for q^, q^,, q^, qg and qg 

• if c is a left limit and is labelled qs then the incoming transition comes from a set P 
intersecting {(?4, (^5} because -1^ is repeated 

• if c is labelled qg then q^ and qs can't appear in the left limit set {cp is true) 

If c is a right limit cut, it can only be labelled qo, qs, qs or qg. Here are the possible right-limit 
transitions: 

• if a right-limit cut c is labelled qo, the limit transition has to go to a subset of {qo,q^,q2} 
since cpU'xp holds in the limit 

• if c is labelled with q^, the limit transition to its right leads necessarily to a set P not 
including qi, (^4 and q^ since rp is always true, and including q^ because is repeated 

• if c is labelled qs or qg, the right limit set can't be a subset of {qo,qi,q2} otherwise c 
would have been labelled qo 

• if c is labelled qg we have the additional condition that either cp holds in the limit (and 
neither (^4 nor q^ appears) or xp doesn't (and one of qi, q^ and q(, is in the limit) 

The labelling of cuts defined above is thus a path of the automaton, and we only need to 
show that it's the only one, using the same method as for the Au- Moreover, the definition 
of p means that the output is 1 whenever cpU'ip holds, and at all other positions. I 

3.4 Construction of Aq, 

Now that we have the basic blocks for our construction, we can build an automaton for 
any formula cp. If cp is an atomic proposition p, then we have seen how to build Ap in the 
previous section. If ^ = -^xp, then Aq, = A^ o A,p. If cp = xp-^V xp2, then Aq, = Ay o {Atp^ x 
Atj;^)- If ^ = xpiUxp2, then Acp = An o {A,p-i x Aip^^)- The same can be done for U' and for the 
past connectives. 

The number of states of the resulting automaton is the product of the number of states 
of all the elementary automata, and is thus exponential in the size of the formula. The actual 
size of the automaton includes limit transitions, so can be doubly exponential in the size of 
the formula, if those transitions are represented explicitly. 
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Limit transitions: 



P -^a,hifP <Z {a,b,c,h} 
c ^ Pif P C {a,b,c,h} 



P ^ a',f for any P 
c' PifPn{a,b,c,h} = 

Figure 4: Automaton checking whether a gap exists in the future 

To check whether the formula cp is satisfiable by a model which is recognized by an 
automaton B, we can compute the product of the automaton A^p with B, and check whether 
a transition where Aq, outputs 1 is accessible and co-accessible. This ensures that there exists 
a successful run of the product automaton going through that transition, meaning that the 
corresponding input word is accepted by B and there is a position where cp holds. This 
concludes the proof of Corollary |3l 

4 Discussion 

Logical characterization of automata. We have shown that any LTL, and thus FO, formula 
can be represented as a non-ambiguous automaton with output. But one can also build such 
an automaton where the output is the truth word of a property which can't be expressed as 
a first-order formula. The automaton shown on Figure |4] outputs 1 whenever "there is a 
gap somewhere in the future" is true; that formula can't be expressed in FO. It would be 
interesting to find a logical characterisation of the properties that can be expressed using 
such automata. 

Computational complexity. The exact complexity of the satisfiability problem for LTL on ar- 
bitrary orderings remains open. We give a 2ExpSpace procedure to compute an automaton 
from a formula, whose emptiness can then be checked efficiently. A classical optimization 
in similar problems is to compute the automaton on the fly, which saves a lot of complexity, 
so an algorithm using this technique for LTL on arbitrary orderings would be interesting. 
Expressive power. On finite and a;-words, LTL restricted to the unary operators (X, T, 
and their past counterparts) is equivalent to first-order logic restricted to two variables, 
FO^(<,+l) m. Restricting even further to and its reverse, we get a logic expressively 
equivalent to FO^ ( < ) . In the case of finite words, FO^ ( < ) corresponds to "partially ordered" 
two-way automata ||T6]| . The proof of equivalence between unary temporal logic and FO^ 
can be easily extended to the case of arbitrary linear orderings. It would be interesting to 
find such a correspondence for arbitrary orderings as well, and to see if these restrictions 
provide lower complexity results. 

Mosaics technique. In his work on LTL(W), Reynolds uses "mosaics" to keep track of the 
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subformulas that need to be satisfied in particular intervals, and to find a decomposition 
that shows the satisfiability of the initial formula. Unfortunately it is not clear if and how 
this can be extended to handle a larger fragment of the logic. 

5 Conclusion 

We investigate linear temporal order with Until, Since, and the Stavi connectives over gen- 
eral linear time, and its relationship with automata over linear order ings. We provide a 
translation from LTL to a class of non-ambiguous automata with output, giving a 2ExpSpace 
procedure to decide satisfiability of a formula in any rational subclass. 

This leaves a number of immediate questions, starting with the actual complexity for 
the satisfiability problem for LTL, but also for some of its fragments, where some operators 
are excluded. While the full class of automata over linear orderings is not closed under 
complementation 11], it might still be possible to find a logical characterization for some 
interesting subclasses. 
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